coop-cloud/authentik
coop-cloud/authentik
1
2
Fork 4
Code Issues 1 Pull Requests 1 Projects Releases Wiki Activity

add kimai saml integration
Some checks failed
continuous-integration/drone/push Build is failing
Details

Browse Source
This commit is contained in:
Simon 2024-05-08 12:34:07 +02:00
parent fc33f285f4
commit 17d40711e0
5 changed files with 69 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
.env.sample
View File

@ -89,6 +89,12 @@ AUTHENTIK_COLOR_BACKGROUND_LIGHT=#1c1e21
# SECRET_OUTLINE_SECRET_VERSION=v1 # SECRET_OUTLINE_SECRET_VERSION=v1
# APP_ICONS="$APP_ICONS outline:~/.abra/recipes/authentik/icons/outline.png" # APP_ICONS="$APP_ICONS outline:~/.abra/recipes/authentik/icons/outline.png"
# COMPOSE_FILE="$COMPOSE_FILE:compose.kimai.yml"
# KIMAI_DOMAIN=kimai.example.com
# SECRET_KIMAI_ID_VERSION=v1
# SECRET_KIMAI_SECRET_VERSION=v1
# APP_ICONS="$APP_ICONS kimai:~/.abra/recipes/authentik/icons/kimai.png"
# COMPOSE_FILE="$COMPOSE_FILE:compose.monitoring.yml" # COMPOSE_FILE="$COMPOSE_FILE:compose.monitoring.yml"
# MONITORING_DOMAIN=monitoring.example.com # MONITORING_DOMAIN=monitoring.example.com
# SECRET_MONITORING_ID_VERSION=v1 # SECRET_MONITORING_ID_VERSION=v1

5
abra.sh
View File

@ -11,6 +11,7 @@ export MATRIX_CONFIG_VERSION=v1
export WEKAN_CONFIG_VERSION=v3 export WEKAN_CONFIG_VERSION=v3
export VIKUNJA_CONFIG_VERSION=v1 export VIKUNJA_CONFIG_VERSION=v1
export OUTLINE_CONFIG_VERSION=v2 export OUTLINE_CONFIG_VERSION=v2
export KIMAI_CONFIG_VERSION=v1
export RALLLY_CONFIG_VERSION=v2 export RALLLY_CONFIG_VERSION=v2
export HEDGEDOC_CONFIG_VERSION=v1 export HEDGEDOC_CONFIG_VERSION=v1
export MONITORING_CONFIG_VERSION=v1 export MONITORING_CONFIG_VERSION=v1
@ -55,19 +56,15 @@ with open('/tmp/$1', newline='') as file:
email = row[2].strip() email = row[2].strip()
groups = row[3].split(';') groups = row[3].split(';')
if User.objects.filter(username=username): if User.objects.filter(username=username):
print(f'{username} already exists')
continue continue
new_user = User.objects.create(name=name, username=username, email=email) new_user = User.objects.create(name=name, username=username, email=email)
print(f'{username} created')
for group_name in groups: for group_name in groups:
group_name = group_name.strip() group_name = group_name.strip()
if Group.objects.filter(name=group_name): if Group.objects.filter(name=group_name):
group = Group.objects.get(name=group_name) group = Group.objects.get(name=group_name)
else: else:
group = Group.objects.create(name=group_name) group = Group.objects.create(name=group_name)
print(f'{group_name} created')
group.users.add(new_user) group.users.add(new_user)
print(f'add {username} to group {group_name}')
""" 2>&1 | quieten """ 2>&1 | quieten
} }

14
compose.kimai.yml Normal file
View File

@ -0,0 +1,14 @@
version: "3.8"
services:
worker:
environment:
- KIMAI_DOMAIN
configs:
- source: kimai
target: /blueprints/kimai.yaml
configs:
kimai:
name: ${STACK_NAME}_kimai_${KIMAI_CONFIG_VERSION}
file: kimai.yaml.tmpl
template_driver: golang

BIN
icons/kimai_logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 30 KiB

48
kimai.yaml.tmpl Normal file
View File

@ -0,0 +1,48 @@
version: 1
metadata:
labels:
blueprints.goauthentik.io/instantiate: "true"
name: kimai
entries:
- attrs:
acs_url: https://{{ env "KIMAI_DOMAIN" }}/auth/saml/acs
assertion_valid_not_before: minutes=-5
assertion_valid_not_on_or_after: minutes=5
audience: https://{{ env "KIMAI_DOMAIN" }}/auth/saml
authentication_flow: !Find [authentik_flows.flow, [slug, default-authentication-flow]]
authorization_flow: !Find [authentik_flows.flow, [slug, default-provider-authorization-implicit-consent]]
digest_algorithm: http://www.w3.org/2001/04/xmlenc#sha256
issuer: https://{{ env "DOMAIN" }}
name: Kimai
name_id_mapping: !Find [authentik_providers_saml.samlpropertymapping, [name, "authentik default SAML Mapping: Username"]]
property_mappings:
- !Find [authentik_providers_saml.samlpropertymapping, [name, "authentik default SAML Mapping: Name"]]
- !Find [authentik_providers_saml.samlpropertymapping, [name, "authentik default SAML Mapping: Email"]]
- !Find [authentik_providers_saml.samlpropertymapping, [name, "authentik default SAML Mapping: User ID"]]
- !Find [authentik_providers_saml.samlpropertymapping, [name, "authentik default SAML Mapping: Username"]]
- !Find [authentik_providers_saml.samlpropertymapping, [name, "authentik default SAML Mapping: Groups"]]
- !Find [authentik_providers_saml.samlpropertymapping, [name, "authentik default SAML Mapping: UPN"]]
session_valid_not_on_or_after: minutes=86400
signature_algorithm: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
signing_kp: !Find [authentik_crypto.certificatekeypair, [name, authentik Self-signed Certificate]]
sp_binding: post
conditions: []
id: kimai_provider
identifiers:
pk: 9991
model: authentik_providers_saml.samlprovider
state: present
- attrs:
meta_launch_url: https://{{ env "KIMAI_DOMAIN" }}
open_in_new_tab: true
policy_engine_mode: any
provider: !KeyOf kimai_provider
slug: kimai
conditions: []
id: kimai_application
identifiers:
name: Kimai
model: authentik_core.application
state: present